AI-Ready Data Ho Bae

Backtest Reproducibility Under Audit in Finance

backtest reproducibility thumbnail fixed data state

Backtest reproducibility means being able to restore the exact data state a model backtest ran on, so an auditor can confirm the reported performance came from the data you claimed, not from a version that has since moved on.

Representative example. Figures are illustrative until reproduced on your own model and data.

The stakes here are not academic. The Federal Reserve’s SR 11-7 guidance on model risk management expects model outputs to be validated, documented, and monitored on an ongoing basis, and that expectation assumes you can show what a model actually ran on. In regulated finance the fastest way to get an AI result thrown out is to fail the one question every auditor asks: show me that this run came from the data you say it did. A backtest you cannot reproduce is a backtest you cannot defend.

backtest reproducibility figure run bound to release state 01

Why a backtest fails an audit

A risk team backtests a model and reports strong performance to a committee. The committee acts on it. Months later an auditor arrives with a simple request: reproduce the run that produced these numbers.

The model version is sitting in the registry, so that part checks out. But the data behind the backtest has kept moving. The window shifted, corporate-actions adjustments were reapplied, reference rates were restated, and the point-in-time view that existed on the day of the run is gone. The team can rerun the model, just not on the same state. The numbers come back different, and now the original result is the thing under question, not the audit.

The failure is not in the model, and it is not a lapse in anyone’s diligence. It is that the data state was treated as transient. Nobody wrote down the exact conditions the result depended on, because at the time the result looked self-evident. The weakness is not unique to finance: when Nature surveyed 1,576 researchers, more than 70% had tried and failed to reproduce another scientist’s experiment.

Why backtests are especially exposed

Backtests live or die on point-in-time correctness. Use today’s adjusted prices instead of the prices as they stood on the trade date, and you get a different answer, often a flattering one, because the future has already been folded into the inputs. Restated fundamentals do the same thing more quietly. Survivorship in a reference universe does it again.

Each of these is a change in data state, not a change in code. Model versioning captures the code and the weights; it says nothing about which slice of a moving market the model was scored against. So when the auditor says “reproduce it,” a team that only versioned the model is left rebuilding the data from memory, and memory is exactly what an audit is designed to distrust. Supervisors have already written that distrust into standing rules: BCBS 239 requires banks to aggregate risk data accurately and completely on a largely automated basis, so as to minimize the probability of errors.

This is the gap between AI-ready data and merely clean data: the data can be pristine and still be undefendable if the state it was in during the run was never captured. For a fuller treatment of that distinction, see our piece on AI-ready data versus clean data.

backtest reproducibility figure point in time vs today data 02

What operating control changes

When each backtest run is bound to a Release State, the audit question stops being a threat and becomes a lookup. A Release State is the recorded, restorable condition of the data at the moment of the run: the window, the adjustments applied, the reference data in force, and the access permissions that shaped what the model could see.

Three operations do the work:

Operation What it answers for the auditor Artifact produced
RUN BINDING
Which exact data state produced this reported number?
A backtest run tied to one Release State
DIFF
What changed between that state and today, and does it explain the gap?
A named, inspectable set of differences
REPRODUCE
Can the committee’s numbers be examined under the conditions that made them?
The original state restored for inspection
Run Binding identifies the state. Diff explains what changed. Reproduce restores the conditions for inspection.

Run Binding ties the reported result to the exact state it used. Diff shows what moved between the original state and any later one, so a discrepancy has a named cause instead of a shrug. Reproduce restores the original state so the committee’s numbers can be examined under the conditions that produced them.

For production AI the question is not only which model ran; it is which data state and execution conditions produced the result. Syntitan, CUBIG’s AI-Ready Data Platform, scores enterprise data on six axes, rebuilds what blocks execution, and binds every AI or agent run to a data state you can diff and reproduce. The six axes are Usability, Integrity, Context, Consistency, Reproducibility, and Traceability, and a defensible backtest leans hardest on the last two.

Is your backtest audit-ready? A quick self-test

Run your last committee-reported backtest through these five checks. If you answer “no” or “not sure” to more than one, the result is more fragile than it looks:

  • Can you restore the exact point-in-time data the backtest scored against, not a rebuilt approximation?
  • Is that run bound to a single named data state rather than “the production tables as of roughly then”?
  • Can you produce a diff between that state and today’s data, with each change named?
  • Do the corporate-actions adjustments and reference rates in the run carry their own as-of dates?
  • If two people reproduce the run independently, do they start from the same restored state?

Where it fits in CUBIG’s operating layer

The defensible version of a backtest is not “trust our numbers.” It is “here is the state the run used, here is what has changed since, and here is that state restored for you to inspect.” Operating control does not promise byte-identical output, and it should not; performance figures stay representative until you reproduce them on your own model and data. What it removes is the black box the auditor would otherwise have to take on faith.

This is the operating layer for AI-ready data at work: a reproducible AI-ready state that survives contact with a regulator. The same binding that defends a backtest also lets you reproduce a production incident later, which we walk through in how to reproduce an AI incident, and it sits alongside formal governance rather than duplicating it, as we cover in operating control versus AI governance frameworks.

backtest reproducibility figure audit view diff reproduce 03

Try it on your data for free. Run a sample proof and see it on your own workflow.


AI runs on data states. It's time to get AI-Ready. Contact CUBIG.

FAQ

What is backtest reproducibility?

It is the ability to restore the exact data state a model backtest ran on, so an auditor can confirm the reported performance came from the data you claimed rather than a version that has since changed.

Why do backtests fail an audit?

Because the point-in-time data state behind the result was treated as transient and cannot be restored, so the auditor cannot verify the numbers came from the data claimed.

Does binding a run to a Release State guarantee identical numbers?

No. It guarantees the data state can be restored, diffed, and inspected. Performance figures stay representative until you reproduce them on your own model.

What is the key artifact an auditor needs?

A Release State each run is bound to, plus a Diff showing what changed since and a Reproduce path that restores the original state for inspection.